For foreign keys, check REFERENCES privilege only on the referenced table.
We were requiring that the user have REFERENCES permission on both the referenced and referencing tables --- but this doesn't seem to have any support in the SQL standard, which says only that you need REFERENCES permission on the referenced table. And ALTER TABLE ADD FOREIGN KEY has already checked that you own the referencing table, so the check could only fail if a table owner has revoked his own REFERENCES permission. Moreover, the symmetric interpretation of this permission is unintuitive and confusing, as per complaint from Paul Jungwirth. So let's drop the referencing-side check. In passing, do a bit of wordsmithing on the GRANT reference page so that all the privilege types are described in similar fashion. Discussion: https://postgr.es/m/8940.1490906755@sss.pgh.pa.us
This commit is contained in:
parent
8f18a880a5
commit
64d4da511c
@ -750,9 +750,11 @@ CREATE [ [ GLOBAL | LOCAL ] { TEMPORARY | TEMP } | UNLOGGED ] TABLE [ IF NOT EXI
|
|||||||
class="parameter">refcolumn</replaceable> list is omitted, the
|
class="parameter">refcolumn</replaceable> list is omitted, the
|
||||||
primary key of the <replaceable class="parameter">reftable</replaceable>
|
primary key of the <replaceable class="parameter">reftable</replaceable>
|
||||||
is used. The referenced columns must be the columns of a non-deferrable
|
is used. The referenced columns must be the columns of a non-deferrable
|
||||||
unique or primary key constraint in the referenced table. Note that
|
unique or primary key constraint in the referenced table. The user
|
||||||
foreign key constraints cannot be defined between temporary tables and
|
must have <literal>REFERENCES</> permission on the referenced table
|
||||||
permanent tables.
|
(either the whole table, or the specific referenced columns).
|
||||||
|
Note that foreign key constraints cannot be defined between temporary
|
||||||
|
tables and permanent tables.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
@ -257,10 +257,9 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
|
|||||||
<term>REFERENCES</term>
|
<term>REFERENCES</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
To create a foreign key constraint, it is
|
Allows creation of a foreign key constraint referencing the specified
|
||||||
necessary to have this privilege on both the referencing and
|
table, or specified column(s) of the table. (See the
|
||||||
referenced columns. The privilege may be granted for all columns
|
<xref linkend="sql-createtable"> statement.)
|
||||||
of a table, or just specific columns.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -351,7 +350,7 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
|
|||||||
<function>currval</function> and <function>nextval</function> functions.
|
<function>currval</function> and <function>nextval</function> functions.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
For types and domains, this privilege allow the use of the type or
|
For types and domains, this privilege allows the use of the type or
|
||||||
domain in the creation of tables, functions, and other schema objects.
|
domain in the creation of tables, functions, and other schema objects.
|
||||||
(Note that it does not control general <quote>usage</quote> of the type,
|
(Note that it does not control general <quote>usage</quote> of the type,
|
||||||
such as values of the type appearing in queries. It only prevents
|
such as values of the type appearing in queries. It only prevents
|
||||||
@ -360,13 +359,13 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
|
|||||||
which could prevent the owner from changing the type later.)
|
which could prevent the owner from changing the type later.)
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
For foreign-data wrappers, this privilege enables the grantee
|
For foreign-data wrappers, this privilege allows creation of
|
||||||
to create new servers using that foreign-data wrapper.
|
new servers using the foreign-data wrapper.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
For servers, this privilege enables the grantee to create foreign
|
For servers, this privilege allows creation of foreign tables using
|
||||||
tables using the server, and also to create, alter, or drop their own
|
the server. Grantees may also create, alter, or drop their own
|
||||||
user's user mappings associated with that server.
|
user mappings associated with that server.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -6817,7 +6817,6 @@ ATAddForeignKeyConstraint(AlteredTableInfo *tab, Relation rel,
|
|||||||
* Now we can check permissions.
|
* Now we can check permissions.
|
||||||
*/
|
*/
|
||||||
checkFkeyPermissions(pkrel, pkattnum, numpks);
|
checkFkeyPermissions(pkrel, pkattnum, numpks);
|
||||||
checkFkeyPermissions(rel, fkattnum, numfks);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Look up the equality operators to use in the constraint.
|
* Look up the equality operators to use in the constraint.
|
||||||
@ -7745,7 +7744,12 @@ findFkeyCast(Oid targetTypeId, Oid sourceTypeId, Oid *funcid)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Permissions checks for ADD FOREIGN KEY */
|
/*
|
||||||
|
* Permissions checks on the referenced table for ADD FOREIGN KEY
|
||||||
|
*
|
||||||
|
* Note: we have already checked that the user owns the referencing table,
|
||||||
|
* else we'd have failed much earlier; no additional checks are needed for it.
|
||||||
|
*/
|
||||||
static void
|
static void
|
||||||
checkFkeyPermissions(Relation rel, int16 *attnums, int natts)
|
checkFkeyPermissions(Relation rel, int16 *attnums, int natts)
|
||||||
{
|
{
|
||||||
|
Loading…
x
Reference in New Issue
Block a user